Wo steckt der Bösewicht?

vincnrw · 20.10.2008, 20:49

Hallo Forum,
ich habe heute einen großen Fehler mit einer EXE. - Datei gemacht!

Anstatt die Datei aus einer RAR Datei zu schließen habe ich irrtümlich die Datei (10 MB) installiert. Eigentlich kann es sich nur um einen Virus / Trojaner handeln.

Ich habe bereits xy Scans durchgeführt, jedoch keinen Alarm bekommen.

Es handelt sich um meinen FIRMENRECHNER, daher muss ich schnellstens eine Lösung finden!

Würdet Ihr mich bitte unterstützen!
DANKE
VINC

----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:54, on 20.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Microsoft Office Outlook] C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE /recycle
O4 - HKCU\..\Run: [Eraser RiskMonitor] "C:\Program Files\East-Tec Eraser 2008\Launch.exe" "C:\Program Files\East-Tec Eraser 2008\etRiskMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://uweip.dyndns.org:6005/AV718.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://62.153.88.109/RtspVaPgDec.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (IPCAM Object) - http://vodacam.kicks-ass.org:81/view.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxt.local
O17 - HKLM\Software\..\Telephony: DomainName = xxt.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF001F5-97C6-4508-B57D-97A5EC8E50EF}: NameServer = 192.168.10.35,192.168.10.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxt.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7715 bytes

TR-Vundo · 20.10.2008, 21:04

C:\Program Files\Common Files\Teleca Shared\Generic.exe

Hallo ertmahl! Es gibt einen Trojaner nahmens TR/Generic2.UYD
Lasse den oben angegebene Datei bei Virus Total mahl checken!

TR-Vundo · 20.10.2008, 21:05

Natürlich das Ergebnis hir posten!

vincnrw · 20.10.2008, 21:07

Hi,
wo soll ich die Datei mal checken lassen?
Also ich bin ein dummer User ;-)

Danke
Vinc

TR-Vundo · 20.10.2008, 21:22

Alsooooooooooo!

1. gehe auf http://www.virustotal.com/de/
2. lade die Datei hoch
3. Warte bis der check ferig ist
4. kopiere die ergebnisse ins Forum

Dan kanns ja losgehen!

vincnrw · 20.10.2008, 21:25

Datei Generic.exe empfangen 2008.10.10 22:28:42 (CET)
Status: Beendet

Ergebnis: 0/36 (0.00%)
Filter Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 -
Authentium 5.1.0.4 2008.10.10 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.10 -
CAT-QuickHeal 9.50 2008.10.10 -
ClamAV 0.93.1 2008.10.10 -
DrWeb 4.44.0.09170 2008.10.10 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.10 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.10 -
Fortinet 3.113.0.0 2008.10.10 -
GData 19 2008.10.10 -
Ikarus T3.1.1.34.0 2008.10.10 -
K7AntiVirus 7.10.490 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.10 -
NOD32 3513 2008.10.10 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.10 -
PCTools 4.4.2.0 2008.10.10 -
Prevx1 V2 2008.10.10 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.10 -
Sophos 4.34.0 2008.10.10 -
Sunbelt 3.1.1708.1 2008.10.10 -
Symantec 10 2008.10.10 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
weitere Informationen
Tamano archivo: 983040 bytes
MD5...: d365f1ad3c1f86a0a8b0022acf6328a2
SHA1..: 5e8b1e29c9ad31f53d87c5eb0158e63d7bfbaa08
SHA256: 5bc2428a4390b6de14e2afad5259b5927639bff88f67740fab5b7c82d35bf34c
SHA512: 89f17f1d5e00a925c6ec9a82cc4026e0a20e5516a362485c9760321c9249a30c
38ead435ca45c8a6c155b8d78447475c55a0155d5e68b7787b6b6f0bb99b2bf4
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4af62a
timedatestamp.....: 0x45cc864c (Fri Feb 09 14:33:48 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xbf026 0xc0000 5.93 9911162b9c71dba0f109ecf2b4038464
.rdata 0xc1000 0x2ae58 0x2b000 5.26 2ad17ee6c14eeba211398e65d0e467f2
.data 0xec000 0xae0 0x1000 1.08 9bc06884a22aad4fe89c888aa3d767b1
.rsrc 0xed000 0x2470 0x3000 4.14 7aa3ab2cb870a73f5086be97c9967ad1

( 13 imports )
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> KERNEL32.dll: SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, lstrcmpiW, lstrcpynW, InitializeCriticalSection, InterlockedIncrement, InterlockedDecrement, LocalFree, LocalAlloc, FormatMessageW, RaiseException, CreateMutexW, CloseHandle, CreateEventW, ResetEvent, WaitForSingleObject, ReleaseMutex, SetEvent, WaitForMultipleObjects, SetFileAttributesW, LockResource, FindResourceExW, Sleep, OpenEventW, GlobalFree, GetCurrentThreadId, GetCommandLineW, lstrcatW, MultiByteToWideChar, GetProcessHeap, FlushInstructionCache, GetCurrentProcess, SetLastError, GlobalHandle, GlobalAlloc, GlobalUnlock, GlobalLock, HeapFree, MulDiv, lstrcmpW, TerminateThread, lstrlenA, CreateDirectoryW, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetStartupInfoW, GetModuleHandleA, ExitProcess, HeapSize, GetThreadLocale, HeapDestroy, GetVersionExA, GetVersionExW, HeapReAlloc, InterlockedExchange, GetACP, GetLocaleInfoA, FreeLibrary, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, lstrcpyW, GetModuleFileNameW, GetModuleHandleW, GetLastError, lstrlenW, HeapAlloc, WideCharToMultiByte
> USER32.dll: CharLowerBuffW, CharUpperBuffW, DispatchMessageW, TranslateMessage, GetMessageW, MsgWaitForMultipleObjects, PeekMessageW, ShowWindow, SetWindowPos, MapWindowPoints, GetClientRect, SystemParametersInfoW, GetWindowLongW, GetWindowRect, wsprintfW, GetParent, DestroyWindow, CharUpperW, SetWindowLongW, CreateDialogIndirectParamW, RegisterClassExW, LoadCursorW, GetClassInfoExW, RegisterWindowMessageW, DefWindowProcW, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, DestroyAcceleratorTable, GetSysColor, GetFocus, SetFocus, CharNextW, PostThreadMessageW, GetWindow, SendDlgItemMessageW, MapDialogRect, SetWindowContextHelpId, MoveWindow, ScreenToClient, EnableWindow, UnregisterClassW, CreateWindowExW, CallWindowProcW, GetDlgItem, SendMessageW, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableW, GetDesktopWindow, GetClassNameW, RedrawWindow, IsWindow, BeginPaint, FillRect, EndPaint, GetDC, ReleaseDC, IsChild
> GDI32.dll: GetDeviceCaps, BitBlt, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, DeleteObject, CreateSolidBrush, GetObjectW, GetStockObject, DeleteDC
> ADVAPI32.dll: RegDeleteValueW, RegQueryInfoKeyW, RegSetValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteKeyW
> SHELL32.dll: SHGetFolderPathW, CommandLineToArgvW, SHCreateDirectoryExW
> ole32.dll: StringFromGUID2, CoTaskMemRealloc, IIDFromString, CLSIDFromString, CoTaskMemAlloc, CoResumeClassObjects, CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, ProgIDFromCLSID, OleRun, StringFromCLSID, CoUninitialize, CoInitializeEx, CoRevokeClassObject, OleUninitialize, CreateStreamOnHGlobal, OleInitialize, CoGetClassObject, CLSIDFromProgID, OleLockRunning
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFileExistsW, PathFindExtensionW
> MSVCP71.dll: __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@H@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@I@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@K@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __Unlock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, __Lock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, _uncaught_exception@std@@YA_NXZ, __Osfx@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEXXZ, _good@ios_base@std@@QBE_NXZ, _tie@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEPAV_$basic_ostream@DU_$char_traits@D@std@@@2@XZ, _flush@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@XZ, _size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _width@ios_base@std@@QBEHXZ, _flags@ios_base@std@@QBEHXZ, _fill@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEDXZ, _rdbuf@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEPAV_$basic_streambuf@DU_$char_traits@D@std@@@2@XZ, _sputc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHD@Z, _eof@_$char_traits@D@std@@SAHXZ, _eq_int_type@_$char_traits@D@std@@SA_NABH0@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEABDI@Z, _width@ios_base@std@@QAEHH@Z, __Nomemory@std@@YAXXZ, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, ___D_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _str@_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, __0_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@J@Z, __$_6U_$char_traits@D@std@@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@PBD@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@PBX@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ
> tlib_log.dll: _getFormattedProcessId@Telecalib_logging@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@XZ, _getFormattedThreadId@Telecalib_logging@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@XZ, _location@Telecalib_logging@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@PBDH0@Z, __1LogEventHandler@@UAE@XZ, _unregisterApplication@Telecalib_logging@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@0@Z, _createApplicationSpecificLogFile@Telecalib_logging@@YA_NV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@0ABV23@_N@Z, _initDefaultLogs@Telecalib_logging@@YA_NV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@ABV23@_N@Z, __0LogEventHandler@@QAE@XZ
> boost_log_vc71_mt_1_33.dll: __1logger@logging@boost@@QAE@XZ, _write_msg@logging@boost@@YAXAAUdefault_log_manager@12@AAUlogger@12@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@I@Z, _find_log_by_name@logging@boost@@YA_AV_$shared_ptr@Ulogger_impl@logging@boost@@@2@AAUdefault_log_manager@12@ABV_$basic_string@DU_$char_traits@D@std@@V _$allocator@D@2@@std@@@Z, _is_enabled@logger@logging@boost@@QBE_NI@Z
> MSVCR71.dll: wcscspn, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _amsg_exit, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _onexit, __dllonexit, _terminate@@YAXXZ, __1type_info@@UAE@XZ, __security_error_handler, _callnewh, strchr, __CxxFrameHandler, __3@YAXPAX@Z, _CxxThrowException, free, malloc, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, ___V@YAXPAX@Z, memcpy, memset, _except_handler3, __0exception@@QAE@XZ, realloc, _purecall, memcmp, _resetstkoflw, strtol, fclose, fprintf, fopen, swprintf, wcsspn, _strdup, iswspace, memmove, wcscmp, wcslen, _beginthreadex, wcsncpy, sprintf, strcpy, strlen, wcsstr, strrchr, vsprintf, vprintf, fflush, _iob, _splitpath

( 0 exports )

TR-Vundo · 20.10.2008, 21:31

Da lagen wir wohl daneben!

Bitte lade dir Malwarebytes runter und lasse es einen Check durchführen.
Den Log wider hir posten!

TR-Vundo · 20.10.2008, 21:48

Ich bin morgen gegen 7:00 Uhr wider dranne!
Dan gucke ich mir wenn schohn erstellt dein Malwarebytes Ergebnis an!
Bis dan

!

vincnrw · 21.10.2008, 09:17

Hallo,
ich habe den SCAN druchlaufen lassen, jedoch wurde nichts erkannt.
Ist der der LOG bei mir OK?

Ich kann mir nicht vorstellen, dass ich eine SPAM eMail mit EXE Datei ohne Virus erhalte ;-)

Ich möchte ganz sicher gehen!

Gruss
VinC

vincnrw · 22.10.2008, 10:41

Hallo Forum,
... danke für die bisherige Hilfe.

Leider stecke ich nun ein wenig "fest" ... Also habe ich keinen VIRUS / MALWARE etc auf meinem Computer?

Das kann doch nicht sein, oder?

Danke
VINC

KarlKarl · 22.10.2008, 18:39

Hi,

Zitat:

Also habe ich keinen VIRUS / MALWARE etc auf meinem Computer?

Das kann doch nicht sein, oder?

Doch, kommt in Ausnahmefällen vor.

Btw: Was war denn das für eine EXE-Datei?

Gruß, Karl

vincnrw · 23.10.2008, 07:14

Danke für deine Antwort!

Es handelte sich um "flash_video.exe" und war in einem WinRaR Archiv angehangen. Die Größe hat fast 10 MB!

Gruss
Vinc

Wo steckt der Bösewicht?

Log-Analyse und Auswertung: Wo steckt der Bösewicht?